Health care isn't the only industry that faces government rules that may require a security-gap analysis for compliance. Beyond HIPAA, the federal government has also turned its eye to security measures used within the financial community.

The Gramm-Leach-Bliley Act (S.30.IS and S.450.IS), passed by Congress last year, allows closer ties among banks, securities firms and insurance companies, with the proviso that they maintain the privacy and security of nonpublic personal information about customers. Details of the act, also known as the Financial Institution Privacy Protection Act of 2001, are available online at the Library of Congress' Thomas Web site by searching on the bill numbers above.

If IT leaders aren't sure what specific steps they need to take to comply with the Gramm-Leach-Bliley Act's security regulations, a look at the HIPAA provisions will give them a good blueprint, says Rick Telesca, an analyst at Giga Information Group Inc. in Cambridge, Mass. HIPAA rules provide the fundamentals for many security situations, according to Telesca: "HIPAA is a good standard of security for anybody."